Tutorials·13 June 2026 · 9 min read
The 12 API bugs I check for first
A high-value checklist: the twelve API bugs that surface most often, from wrong status codes to idempotency failures.
api-testingchecklistbugs
Blog
API Testing.
Status codes, contracts, pagination, auth, and the API bugs that surface before the UI is ready.
Tutorials·13 June 2026 · 8 min read
API pagination, filtering, and sorting bugs
The specific bugs that hide in paginated, filtered, and sorted endpoints — off-by-one pages, unstable sorts, and filter leaks.
api-testingpaginationbugs
Deep dives·13 June 2026 · 8 min read
API status codes testers should actually care about
Skip the full registry — learn the dozen status codes that carry real meaning, what each promises, and how to spot when the code and the body disagree.
api-testingstatus-codeshttp
Field notes·13 June 2026 · 8 min read
How I test an API before the UI is ready
The API ships weeks before the screen. Test it directly from the contract — the whole bad-input, auth, and edge class is open at the API and invisible once the UI hides it.
api-testingshift-leftprocess
Case studies·13 June 2026 · 8 min read
The API pagination bug that looked like a frontend issue
Items vanished and duplicated on scroll; the frontend took the blame for two sprints. The cause was an unstable API sort over a non-unique key. Follow the symptom down the stack.
case-studyapi-testingdebuggingbugs
Deep dives·13 June 2026 · 9 min read
The API test data problem nobody plans for
API suites fail on shared, stale, order-dependent data more than on wrong assertions. The own-your-data strategy — independent, unique, cleaned — that keeps them reliable.
api-testingtest-dataautomationfixtures
Tutorials·13 June 2026 · 8 min read
How to test rate limits without annoying everyone
Test the full rate-limit contract — enforcement, 429, Retry-After headers, recovery, scope — with a low configurable limit and a dedicated key, not by flooding shared staging.
api-testingrate-limitinghttptutorial
Tutorials·13 June 2026 · 9 min read
How to review Swagger/OpenAPI as a QA engineer
An OpenAPI spec is a ready-made test plan — every param and status code is a case — and its gaps (missing errors, unbounded fields, drift) predict the bugs.
api-testingopenapiswaggercontract
Comparisons·13 June 2026 · 8 min read
REST Assured vs Postman: how I use both
Not winner-takes-all — Postman for exploring and sharing, REST Assured for the durable automated suite in CI. The dividing line is lifespan and automation.
api-testingrest-assuredpostmancomparison
Comparisons·9 December 2025 · 8 min read
Postman vs Insomnia vs Bruno in 2026: my pick for API testing
Three tools, three very different bets on what API testing should feel like. I've been comparing them for teams who want to move off ad-hoc curl scripts, and here's the pick.
api-testingpostmanbrunocomparison
Opinions·25 November 2025 · 8 min read
API tests as documentation — and why that's the only test suite anyone reads
Wiki pages about APIs go stale in three months. The API test suite gets opened every single day. Write tests that read like documentation — and stop writing the wiki.
api-testingdocumentationpatterns
Deep dives·11 November 2025 · 10 min read
Contract testing, explained without the Pact marketing
Contract testing is two things wearing one name: a model and a tool. The model is genuinely useful; the marketing for the tool oversells where it fits. Here's the model, separated from any vendor's pitch.
contract-testingpactapi-testingmicroservices
Deep dives·28 October 2025 · 9 min read
REST vs GraphQL testing: the actual differences
Most 'REST vs GraphQL' content is about API design. The testing perspective is different — query construction, schema-aware tooling, the N+1-shaped test bug, and why GraphQL flips the test pyramid.
api-testinggraphqlrestcomparison